Moodle CVE-2017-1000071 Authentication Bypass Vulnerability

Description

Old CAS servers (3.3.5.1 or 3.4.2.1, both released Jul 21, 2010) do not escape the failure message, which could be exploited through the phpCAS client library that ships as part of Moodle. Only the fix for this issue was picked into the phpCAS library in Moodle; the library will be upgraded to the latest version in the next major Moodle release. See also https://github.com/Jasig/phpCAS/issues/228

Affected Applications

Moodle

CVE References

CVE-2017-1000071